US9749449B2ExpiredUtilityPatentIndex 45
TCP/IP-based communication system and associated methodology providing an enhanced transport layer protocol
Est. expiryAug 8, 2023(expired)· nominal 20-yr term from priority
H04L 63/166H04L 69/30H04L 63/0428H04L 63/0485H04L 29/06102H04L 69/161H04L 12/22H04L 9/32H04L 12/66
45
PatentIndex Score
0
Cited by
34
References
19
Claims
Abstract
A more secure TCP/IP protocol stack is provided having an enhanced transport layer. Encryption and decryption logic is arranged on the transmission side and on the reception side for processing a payload of a transport layer protocol, such as TCP or UDP. By employing this enhanced transport layer, a cryptograph process communication can be realized by dissolving various kinds of restrictions which a conventional IPsec or SSL possesses without affecting upper layer processing, and, at the same time, maintaining compatibility with the IP layer.
Claims
exact text as granted — not AI-modifiedThe invention claimed is:
1. A networking device that communicates via a network according to a communication protocol, comprising:
a microprocessor configured to
encrypt, in a layer no higher than a transport layer of the communication protocol, at least a payload of a packet to be transmitted according to the communication protocol, the microprocessor appending encryption information generated in the transport layer both before and after the payload;
decrypt at least a payload of a received packet based on encryption information appended before or after the payload of the received packet;
wherein the microprocessor encrypts and decrypts packets when the encryption information in the received packet indicates that transport layer encryption is supported.
2. The networking device according to claim 1 , wherein the communication protocol is one of a Transmission Control Protocol (TCP) or a User Datagram Protocol (UDP).
3. The networking device according to claim 1 , wherein an encryption algorithm used by the microprocessor is periodically updated.
4. The networking device according to claim 1 , wherein the microprocessor does not encrypt plain text.
5. The networking device according to claim 1 , wherein the microprocessor does not encrypt the payload of the packet to be transmitted when the encryption information in the received packet indicates that transport layer encryption is not supported.
6. The networking device according to claim 1 , wherein the networking device is one of a router, a gateway, a bridge or a server.
7. The networking device according to claim 1 , wherein the encryption information of the packet to be transmitted includes information identifying the networking device.
8. The networking device according to claim 7 wherein the information identifying the networking device includes at least one of a serial number, a version number and a release number.
9. The networking device according to claim 7 , wherein the information identifying the networking device is obtained from a third-party authentication server.
10. A method to cause a networking device to communicate via a network using a communication protocol, comprising:
decrypting, in a microprocessor of the networking device, at least a payload of a received packet based on encryption information appended before or after the payload of the received packet;
encrypting, in the microprocessor of the networking device and in a layer no higher than a transport layer of the communication protocol, at least a payload of a packet to be transmitted according to the communication protocol when the encryption information in the received packet indicates that transport layer encryption is supported; and
appending, by the microprocessor, encryption information generated in the transport layer both before and after the payload when the encryption information in the received packet indicates that transport layer encryption is supported.
11. The method according to claim 10 , wherein the networking device includes one of a router, a gateway, a bridge and a server.
12. The method according to claim 10 , the payload of the packet to be transmitted are not encrypted when the encryption information in the received packet indicates that transport layer encryption is not supported.
13. The method according to claim 10 , wherein the encryption information of the packet to be transmitted includes information identifying the networking device.
14. The method according to claim 13 , wherein the information identifying the networking device includes at least one of a serial number, a version number and a release number.
15. The method according to claim 13 , wherein the information identifying the networking device is obtained from a third-party authentication server.
16. The method according to claim 13 , wherein the communication protocol is one of a Transmission Control Protocol (TCP) or a User Datagram Protocol (UDP).
17. A non-transitory computer-readable medium storing computer readable instructions thereon, the computer readable instructions when executed by a microprocessor of a networking device cause the microprocessor of the networking device to perform a method comprising:
decrypting at least a payload of a received packet based on encryption information appended before or after the payload of the received packet;
encrypting, in a layer no higher than a transport layer of a communication protocol, at least a payload of a packet to be transmitted according to the communication protocol when the encryption information in the received packet indicates that transport layer encryption is supported; and
appending encryption information generated in the transport layer both before and after the payload when the encryption information in the received packet indicates that transport layer encryption is supported.
18. The non-transitory computer-readable medium according to claim 17 , wherein the networking device is one of a router, a gateway, a bridge and a server.
19. The non-transitory computer-readable medium according to claim 17 , wherein the payload of the packet to be transmitted are not encrypted when the encryption information of the received packet indicates that transport layer encryption is not supported.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.